From ${URL} :

Due to incorrect use of integer types and missing overflow checks in the tre_tnfa_run_parallel function's buffer overflow logic, the TRE regex implementation (both the original version and the one used in musl libc) is subject to integer overflows in buffer size computation. If the caller passes to regcomp a regular expression whose internal representation requires a large number of states and/or a large number of tags, too little space will be allocated during regexec, resulting in out-of-bound memory writes. An attacker who controls the regular expression and/or the string being searched can potentially exploit these writes to achieve controlled heap corruption.

All versions of the TRE library and musl libc are affected. The attached patch fixes the issue in musl and should be easy to adapt for use with original TRE. musl git master is fixed as of commit c3edc06d1e1360f3570db9155d6b318ae0d0f0f7.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
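The class of bug described in the report above, as an added example that is not part of the bug thread and is not the musl or TRE patch: a buffer size derived from a state count and a tag count, computed once in wrapping 32-bit arithmetic and once with overflow checks. The size formula, `REC_BYTES` and both function names are hypothetical simplifications, not the layout used by tre_tnfa_run_parallel.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REC_BYTES 16u /* assumed fixed per-state record size (hypothetical) */

/* Flawed pattern: the product is computed in 32 bits and wraps silently.
   Unsigned types are used so the wrap is well-defined in this demo. */
uint32_t size_unchecked(uint32_t num_states, uint32_t num_tags)
{
    uint32_t tag_bytes = num_tags * (uint32_t)sizeof(int32_t);
    return num_states * (tag_bytes + REC_BYTES);
}

/* Hardened pattern: every multiply and add is checked against SIZE_MAX
   before it happens. Returns 0 and stores the size in *out, or -1 if the
   size cannot be represented (the caller must then fail the match). */
int size_checked(size_t num_states, size_t num_tags, size_t *out)
{
    size_t tag_bytes, per_state;

    if (num_tags > SIZE_MAX / sizeof(int32_t))
        return -1;
    tag_bytes = num_tags * sizeof(int32_t);

    if (tag_bytes > SIZE_MAX - REC_BYTES)
        return -1;
    per_state = tag_bytes + REC_BYTES;

    if (num_states != 0 && per_state > SIZE_MAX / num_states)
        return -1;
    *out = num_states * per_state;
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed inputs: 65536 states, 16380 tags -> 65536 * 65536 bytes. */
    printf("unchecked: %u bytes\n", (unsigned)size_unchecked(65536u, 16380u));
    if (size_checked(SIZE_MAX / 2, 4, &n) != 0)
        puts("checked: size not representable, refusing to allocate");
    return 0;
}
```

With the constructed inputs the unchecked computation yields 0 bytes, so any allocation based on it is far smaller than the data later written into it.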
Hey there. I'm not even sure this affects the actual dev-libs/tre package. The official tre repository hasn't been updated in years [1]. You might consider closing this bug.
[1]: https://github.com/laurikari/tre/
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78f82f7cb10835ccf5799706dd752eada3a0e5b9
commit 78f82f7cb10835ccf5799706dd752eada3a0e5b9
Author: John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-06-09 23:03:19 +0000
Commit: Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-06-13 01:56:44 +0000
    dev-libs/tre: Security bump
    Bug: https://bugs.gentoo.org/597616
    Package-Manager: Portage-2.3.100, Repoman-2.3.22
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/16158
    Signed-off-by: Aaron Bauman <bman@gentoo.org>
 dev-libs/tre/files/0.8.0-CVE-2016-8559.patch | 73 ++++++++++++++++++++++++++++
 dev-libs/tre/tre-0.8.0-r2.ebuild | 67 +++++++++++++++++++++++++
 2 files changed, 140 insertions(+)
@maintainer(s), please call for stable when ready.
x86 stable
arm stable
ppc stable
amd64 stable
hppa/sparc stable
ppc64: ping
ppc64 stable. ---- Please cleanup.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d7c292c9776cfb1e55f8d30d0750907d7b298bce
commit d7c292c9776cfb1e55f8d30d0750907d7b298bce
Author: John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-07-17 03:18:11 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2020-07-17 10:32:04 +0000
    dev-libs/tre: Security cleanup, drop <0.8.0-r2
    Bug: https://bugs.gentoo.org/597616
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/16722
    Signed-off-by: Sam James <sam@gentoo.org>
 dev-libs/tre/tre-0.8.0-r1.ebuild | 64 ----------------------------------------
 1 file changed, 64 deletions(-)
This issue was resolved and addressed in GLSA 202007-43 at https://security.gentoo.org/glsa/202007-43 by GLSA coordinator Sam James (sam_c).